﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;

namespace Botonet
{
    public class cUser
    {
        public string error;
        private cDB DBclass;
        public string type;

        public cUser()
        {
            this.error = "";
            this.DBclass = new cDB();
            this.type = "";
        }
        public bool create(string Email, string Nombre, string Apellido, string Password, string DNI, string SuperUser)
        {
            string strQuery;
            bool ok = false;
            strQuery = "SELECT Email FROM Usuarios WHERE Email = '" + Email + "'";

            if (this.DBclass.execQuery(strQuery, "registro"))
            {
                if (this.DBclass.DS.Tables["registro"].Rows.Count < 1)
                {
                    strQuery = "INSERT INTO Usuarios (Email, Nombre, Apellido, Password, DNI, SuperUser) VALUES (";
                    strQuery += "'" + Email + "','" + Nombre + "','" + Apellido + "','" + Password + "','" + DNI + "'," + SuperUser + ")";
                    if (this.DBclass.execQuery(strQuery, "registro"))
                    {
                        ok = true;
                    }
                    else
                    {
                        this.error = this.DBclass.e.Message;
                    }
                }
                else
                {
                    this.error = "E-Mail ya existente, por favor registre otro.";
                }
            }
            else
            {
                this.error = "Error al ejecutar la operaci&oacute;n.";
            }
            return ok;
        }
        public bool login(string user, string pass)
        {
            bool ok = false;
            int i;
            String[] Grupos;
            string strQuery = "SELECT * FROM Usuarios LEFT JOIN Usuarios_Grupos ON Usuarios.Email = Usuarios_Grupos.Email_Usuario ";
            strQuery += " WHERE ";
            strQuery += "Usuarios.Email = '" + user + "' AND Usuarios.Password = '" + pass + "' ";

            if (DBclass.execQuery(strQuery, "Login"))
            {
                if (DBclass.DS.Tables["Login"].Rows.Count > 0)
                {

                    HttpContext.Current.Session.Timeout = 60;
                    HttpContext.Current.Session["Nombre"] = DBclass.DS.Tables["Login"].Rows[0]["Nombre"];
                    HttpContext.Current.Session["Apellido"] = DBclass.DS.Tables["Login"].Rows[0]["Apellido"];
                    HttpContext.Current.Session["Email"] = DBclass.DS.Tables["Login"].Rows[0]["Email"];
                    HttpContext.Current.Session["DNI"] = DBclass.DS.Tables["Login"].Rows[0]["DNI"];
                    HttpContext.Current.Session["SuperUser"] = DBclass.DS.Tables["Login"].Rows[0]["SuperUser"];
                    Grupos = new String[DBclass.DS.Tables["Login"].Rows.Count];
                    for (i = 0; i < DBclass.DS.Tables["Login"].Rows.Count; i++)
                    {
                        Grupos[i] = DBclass.DS.Tables["Login"].Rows[i]["Grupo_Usuario"].ToString();
                    }
                    HttpContext.Current.Session["Grupos"] = Grupos;
                    HttpContext.Current.Session["Tipo"] = this.TipoUsuario();
                    ok = true;
                }
                else
                {
                    this.error = "Asegurese que los datos ingresados sean correctos.";
                }
            }
            else
            {
                this.error = DBclass.e.Message;
            }
            return ok;
        }
        public bool update(string Email, string Nombre, string Apellido, string DNI)
        {
            string strQuery;
            bool ok = false;

            strQuery = "UPDATE Usuarios SET Nombre= '" + Nombre + "'";
            strQuery += ", Apellido='" + Apellido + "'";
            strQuery += ", DNI='" + DNI + "'";
            strQuery += " WHERE Email='" + Email + "'";

            if (this.DBclass.execQuery(strQuery, "update"))
            {
                ok = true;
                this.refresh(Email);
            }
            else
            {
                this.error = this.DBclass.e.Message;
            }

            return ok;
        }
        public bool delete(string Email)
        {
            string strQuery;
            bool ok = false;

            strQuery = "DELETE Usuarios WHERE Email = '" + Email + "'";

            if (this.DBclass.execQuery(strQuery, "delete"))
            {
                ok = true;
            }
            else
            {
                this.error = this.DBclass.e.Message;
                return false;
            }

            return ok;
        }
        public bool setGroup(string Email, string idGroup, bool AdminGroup)
        {
            string strQuery;
            bool ok = false;
            if (!AdminGroup)
            {
                strQuery = "DELETE FROM Usuarios_Grupos WHERE Email_Usuario = '" + Email + "'";
                this.DBclass.execQuery(strQuery, "gDelete");
                ok = true;
            }
            if (idGroup != "NULL")
            {
                strQuery = "INSERT INTO Usuarios_Grupos (Email_Usuario, Grupo_Usuario) VALUES ('" + Email + "', " + idGroup + ")";

                if (this.DBclass.execQuery(strQuery, "update"))
                {
                    ok = true;
                }
                else
                {
                    this.error = this.DBclass.e.Message;
                    ok = false;
                }
            }

            return ok;
        }
        public bool DeleteUserGroup(string Email, string idGroup)
        {
            string strQuery;
            bool ok = false;

            strQuery = "DELETE FROM Usuarios_Grupos WHERE Email_Usuario = '" + Email + "'";
            strQuery += " AND Grupo_Usuario = " + idGroup;
            if (this.DBclass.execQuery(strQuery, "gDelete"))
                ok = true;

            return ok;
        }
        public bool passUpdate(string Email, string Pass)
        {
            string strQuery;
            bool ok = false;

            strQuery = "UPDATE Usuarios SET Password= '" + Pass + "'";
            strQuery += " WHERE Email='" + Email + "'";

            if (this.DBclass.execQuery(strQuery, "update"))
            {
                ok = true;
            }
            else
            {
                this.error = this.DBclass.e.Message;
                return false;
            }

            return ok;
        }
        public bool refresh(string Email)
        {
            bool ok = false;
            int i;
            String[] Grupos;
            string strQuery = "SELECT * FROM Usuarios LEFT JOIN Usuarios_Grupos ON Usuarios.Email = Usuarios_Grupos.Email_Usuario ";
            strQuery += " WHERE ";
            strQuery += "Usuarios.Email = '" + Email + "' ";

            if (DBclass.execQuery(strQuery, "Login"))
            {
                if (DBclass.DS.Tables["Login"].Rows.Count > 0)
                {

                    HttpContext.Current.Session.Timeout = 60;
                    HttpContext.Current.Session["Nombre"] = DBclass.DS.Tables["Login"].Rows[0]["Nombre"];
                    HttpContext.Current.Session["Apellido"] = DBclass.DS.Tables["Login"].Rows[0]["Apellido"];
                    HttpContext.Current.Session["Email"] = DBclass.DS.Tables["Login"].Rows[0]["Email"];
                    HttpContext.Current.Session["DNI"] = DBclass.DS.Tables["Login"].Rows[0]["DNI"];
                    HttpContext.Current.Session["SuperUser"] = DBclass.DS.Tables["Login"].Rows[0]["SuperUser"];
                    Grupos = new String[DBclass.DS.Tables["Login"].Rows.Count];
                    for (i = 0; i < DBclass.DS.Tables["Login"].Rows.Count; i++)
                    {
                        Grupos[i] = DBclass.DS.Tables["Login"].Rows[i]["Grupo_Usuario"].ToString();
                    }
                    HttpContext.Current.Session["Grupos"] = Grupos;
                    HttpContext.Current.Session["Tipo"] = this.TipoUsuario();
                    ok = true;
                }
                else
                {
                    this.error = "Usuario no encontrado.";
                }
            }
            else
            {
                this.error = DBclass.e.Message;
            }
            return ok;
        }
        public string TipoUsuario()
        {
            if ((HttpContext.Current.Session["Email"] != null) && (HttpContext.Current.Session["Email"].ToString() != ""))
            {
                if ((HttpContext.Current.Session["Email"].ToString() != "admin@botonet.com"))
                {
                    if (bool.Parse(HttpContext.Current.Session["SuperUser"].ToString()))
                    {
                        this.type = "groupAdmin";
                    }
                    else
                    {
                        this.type = "user";
                    }
                }
                else
                {
                    this.type = "admin";
                }
            }

            return this.type;
        }
        public bool SuperUserUpdate(string Email, string SuperUser)
        {
            string strQuery;
            bool ok = false;

            strQuery = "UPDATE Usuarios SET SuperUser= " + SuperUser + "";
            strQuery += " WHERE Email='" + Email + "'";

            if (this.DBclass.execQuery(strQuery, "update"))
            {
                ok = true;
            }
            else
            {
                this.error = this.DBclass.e.Message;
                return false;
            }

            return ok;
        }
    }
}